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© Block-cipher cryptographic device based upon a pseudorandom nonlinear sequence generator. 

© A block-cipher cryptographic device that processes plaintext/encrypted input data with a key signal to 
provide encrypted/decrypted output data. Such device includes a shift register (10) for receiving .nput data (13). 
and da* processing JL (12). including a pseudorandom non.inear sequence £ 
following data processing routine a selected number of cycles to prov.de output data 1 5) £ 
30) the contents (16) of said shift register with a key signal (14) to provide -n.t.ally processed da a (28). 
SaSng the pseudorandom nonlinear sequence generator with the initially processed data: runnmg he 
p"eudora 9 ndom nonlinear sequence generator to generate a keystream (34); segregating <3«^>^ 0 ™ f 
kevstream- orocessinq (44) said segregated portions of said keystream with a port.on of the data in ne shift 
SS to' provide a block of processed" data; and shifting said block of processed data into the shift reg.ster. To 
further increase the randomness of the pseudorandom keystream generator, and hence the encryption secur.ty 
hfdata p Messing routine segregates the keystream in accordance with a routine (36) where.n the beginning of 
said segregated'portion is provided at a time related to the beginning of the keystream .n response to a duration 
Nation CO; segregates (38) every nth bit of the keystream from said beginning of said segregated portiorr 0 r 
T eS ted number "of segregated bits in response to a frequency indication (n); and provides sa ; d nitally 
orocessed data by first processing (18) said shift register contents and said key s.gnal and then rotatjng (22) 
SSHroduced by said first processing in response to a rotation indication (X). The duration ind.cai.on. the 
JequeTcyTndtalL and the rotation indication are each separately provided for each of the cycles and may be 
different for each of the cycles. 
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BACKGROUND OF THE INVENTION 

The present invention generaliy pertains to alg orithm are often 

Block-cipher cryptographic devices based ^.f^fS^^p^erft encryption/decryption 



products containing a block-cipher cryptographic 
export from the United States of America 
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SUMMARY OF THE INVENTION 

security for many applications. - oresen t invention is a device that processes 

IrtnTCsL^om nonlinear sequence generator to generate a keystream. 

JSc^STS^SEr* - " -* a p °* n 01 daa in me reQis,er ,0 

provide a block of processed data; and «„ tater 

^ -el^^ of cycles of execution of the data 

provided by the cryptographic device of the present is 
Segregates the keystream in -- dan ~J^ indLL; segregates 

provided at a time related to the beg.nn.ng of the keystoeam . " res P jon {or a selecte d number of 

every nth bit of the keystream from sa,d begmning of sa,d seg JJ^JJ sed data by first 

segregated bits in response to a frequency md.c *»n. and prov des sa d J ? gaid first 

pressing said shift register contents and sa.d key ^^J^^^eSay indication and the 

5 ss?sirr^ - - - — * each of the 

^Additional features of the present invention are described in relation to the description of the preferred 
embodiment. 
° BRIEF DESCRIPTION OF THE DRAWING 

Figure 1 is a functional b.ock diagram of a b.ock-cipher encryption device according to the present 
45 ,,W Cr. 1A is a b.ock diagram of data processing routines performed by the data processing system of 
'^^Vrefis 3 a functiona. block diagram i.iustrating detai.s of the discard and segregate functions of the 
. e °lS2 fT.tSSL. 1 block diagram of a b.ock-cipher decryption device according to the present 
so invention. 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

Reterring to «g U re ,. a preterre, 7™"^ *£3TSS ^ZT^Z 
" S^^Tl^b^^SJ «-»• S fomented 0, — ,n a 

microprocessor. nrnrpsses an N-byte block of plaintext input data 13 

The block-cipher encryption device of Figure 1 p.ocesses an in uy 
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with an M-byte encryption key 14 signal to provide an N-byte block of encrypted output data 15. In a 
preferred embodiment that is compatible with a DES encryption device, M = 7 and N = 8. 
The feedback shift register 10 receives an N-byte block of plaintext input data 13. 
The data processing system 12 processes the M most significant bytes 16 of the plaintext input data 
5 with the M-byte encryption key 14 by adding the plaintext bytes 16 to the key bytes 14, as illustrated in 
Figure 1A by a first data processing routine 18. In alternative embodiments this first routine 18 could be 
something other than addition, such as subtraction or exclusive ORing (XORing), for example. 

The M bytes of data 20 produced by the first routine 18 are then rotated by the data processing system 
12 in accordance with a second data processing routine 22 by a number of bytes X in response to a 
w rotation indication X. The relationship of the rotated bytes 26 to the first produced bytes 20 is shown in 
Table 1 for a rotation indication of three bytes, with M = 7. 



BYTES 20 Bytel Byte2 Byte3 Byte4 ByteS Byte6 Byte7 

75 

ROTATED BYTES 26 Byte 4 ByteS Byte6 Byte7 Bytel Byte2 Byte3 

TABLE 1 



20 The data processing system 12 then expands the rotated M bytes 26 to provide N bytes of initially 
processed data 28 by executing a data expansion processing routine 30. In the preferred embodiment, 
wherein M = 7 and N = 8, the Nth byte is produced by XORing the M bytes. 

A pseudorandom nonlinear sequence generator 32, included in the data processing system 12 is 
initialized by the N bytes of initially processed data 28 and is run to generate a keystream 34. In the 

25 preferred embodiment the keystream generator 32 is a dynamic-feedback-arrangement-scrambling-tech- 
nique (DFAST) keystream generator 32, which is implemented in hardware to increase the processing 
speed of the data processing system 12. A DFAST keystream generator is described in United States 
Letters Patent No. 4,860,353 to David S. Brown. The preferred embodiment of the DFAST keystream 
generator 32, as described in said patent, includes a dynamic (or nonlinear) feedback shift register and a 

30 static (or linear) feedback shift register for receiving input data. The most significant bytes of the N bytes 28 
are received in the dynamic feedback shift register and the remaining bytes are received in the static 
feedback shift register of the DFAST keystream generator 32. The DFAST keystream generator 32 provides 
high speed pseudorandom nonlinear sequence processing of the N bytes 28 to quickly generate a 
keystream 34 from which a single byte can readily be segregated to create data that can be fedback for 

35 processing in subsequent cycles. In alternative embodiments, other types of pseudorandom nonlinear 
sequence generators may be used instead of the DFAST keystream generator 32. 

The data processing system 12 next executes a discard routine 36 and a segregate routine 38 to 
segregate portions of the keystream 34 into a single byte 40. The data processing system 12 segregates 
the keystream 34 in accordance with the discard routine 36 wherein the beginning of the segregated portion 

40 of the keystream 42 is provided at a time related to the beginning of the keystream 34 in response to a 
duration indication Y by discarding the first Y bytes of the keystream 34. 

The data processing system 12 further segregates the keystream 42 by segregating every nth bit of the 
keystream 42 from said beginning of said segregated portion in response to a frequency indication n until 
eight bits are segregated to form the single byte 40. 

45 Details of the discard routine 36 and the segregate routine 38 are described with reference to Figure 2. 
To execute these routines the data processing system includes and/or implements a duration indication 
counter 48 a frequency indication counter 50, a bit counter 52, a byte register 54 and an OR gate 55. All 
three counters 48, 50, 52 are clocked by the same clock signal 56 as clocks the DFAST keystream 
generator 32. The output of the counter 48 is coupled through the OR gate 55 to the load input of the 

so counter 50. The output of the counter 50 is provided to the enable input of the counter 52 and the enable 
input of the byte register 54 and is also coupled through the OR gate 55 to the input of the counter 50. The 
keystream 32 is provided to the data input of the byte register 54. 

For each cycle of data processing routines a duration indication Y is loaded into the duration indication 
counter 48 and a frequency indication n is loaded into the frequency indication counter 50. After the first Y 

55 bytes of the keystream 34, a start pulse 60 is delivered by the duration indication counter 48 to the 
frequency indication counter 50, which in turn delivers an enable pulse to the bit counter 52 and the byte 
register 54. The byte register is thus enabled to register the concurrent bit of the keystream 34; and the 
number of bits registered in the byte register 54 is counted by the bit counter 52. The frequency indication 

4 
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counter conges .o provide a pu f 6* ^r^"^ £ 5 « 

Referring again to blocker r 0 *^^^ w segregating portions ot the keystream 34 « 

data 46 - . h n a , a 46 is shifted into the most significant byte position of the feed back :shift 

shifted such that the .east significant byte of data ,s sh,fted 

encrypt a single block of plaintext ^'^J^^b enc^on device. To ensure that any single b,t 
security that is required for the pabular ^^*^ e £Xut data, there shou.d be at ieast sixteen 
of the key signal or of the mput da a can sJadditional security, with the number of 

cycles. Preferably even more cycles are ex ^ff h VL a processing system 12 in relation to the frequency 
cycles being limited by the processmg speed X J encryption, 

a? which the plaintext input data .. ^^° i ^S^ indication X. the duration indication Y and the 
For each cycle of data processing rout '^ s ' t ^;™ o{ tnese indications may be different in each of 
frequency indication n are separately prov.ded. Thus, each 
i the different cycles. n ,, m h P r of cvcles and the rotation indication X, the duration 

■ are p — ,he encw,ed ° u ** da,a 15 is provided 

from the feedback shift register 10 provided by passing the bytes of 

reference to Figures 1 and 2, «ith the "f?^,,,,, „ N . byle block ot encrypted input data 13' 

The block-cipher decryption de-ice ot Figure 3 P™ C «J L£ of ^ crypted output data 15'. 
with an M-b»te decryption key Uergnal » f™*» ^cfof encrypted input data 13'. 
, s The feedback shift renter 0 receives an N- byte bloc W VP p0rtiwl5 o( lhe keystream 

40 data is shifted out of the shift register 10. deC rvDts encrypted data provided by the block-cipher 

«£S "SSSOT S=i ^rJpSr ,n» S p— data encrypted by the bloc, 

cipher encryption device of Figure 1 - 
45 Claims 

so a shift register (10) for receiving the input data (13); and 

e^a^ 

^'Z^ZTSfZ ^e "oSsTtS, o, said shit, register with a key signai (M, to provide 
initially processed data (28); cpnuence Generator with the initially processed data; 
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segregating (36, 38) portions of the keystream; 

processing (44) said segregated portions of said keystream with a portion of the data in the shift 
register to provide a block of processed data (46); and 

shifting said block of processed data into the shift register. 

2. A device according to Claim 1 , wherein the data processing means provide said output data in the shift 
register by said shifting of said blocks of processed data into the shift register for said selected number 
of cycles. 

3. A device according to Claim 1 , wherein the data processing routine includes segregating (36) a portion 
of said keystream in accordance with a routine that begins said segregated portion at a time indicated 
by a duration indication (Y) that is separately provided for each of the cycles and may be different for 
each of the cycles. 

4 A device according to Claim 3, wherein the routine for segregating said portion of said keystream 
includes providing said segregated portion by segregating (38) every nth bit of the keystream from said 
beginning of said segregated portion for a selected number of segregated bits in response to a 
frequency indication (n) that is separately provided for each of the cycles and may be different for each 
of the cycles. 

5 A device according to Claim 1, wherein the data processing routine includes segregating a portion of 
said keystream by segregating (38) every nth bit of the keystream from a beginning of said segregated 
portion for a selected number of segregated bits in response to a frequency indication (n) that is 
separately provided for each of the cycles and may be different for each of the cycles. 

6 A device according to any of Claims 1, 3 or 5, wherein the data processing routine includes providing 
said initially processed data by first processing (18) said shift register contents and said key signal and 
then rotating (22) data produced by said first processing in response to a rotation indication (X) that is 
separately provided for each of the cycles and may be different for each of the cycles. 

A device according to any of Claims 1, 3, 4, 5 or 6, wherein the data processing means includes a 
dynamic-feedback-arrangement-scrambling-techniquekeystream generator (32) for generating said 

keystream. 
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© a block-cipher crypto^ ^T*Z 
^sses P'a-ntext/encrypted ^pu ^ ^ 
signal to provide encrypted/decryp 
s ? ch device includes a j* ^< g Lans (12 ), 
ing input data O^^om nonlinear sequence gen- 
including a P seudora ".^ he f0 „ 0 wing data process- 
erator (32), for *f ^^bef of cycles to provide 
in g routine a selected number ^o y 
output data (15): process^ , 8.^ . I tQ 
(16 ) of said shift reg.ster a key 0^ ^ 

provide initially P«**^ **^%e generator with 
'pseudorandom "onUne*«^^ ^ an _ 
the initially processed data run y ^ & 

d om nonlinear sequence generator ^ ^ 

keystream (34): segregates (36. 3 > P rtions 

keystream; P'^^pSSn'rt the data in the 
of said keystream w.th ^a ^port essed data; 

shift register to prov.de «** J data ^ tne 
and shifting said block oi p<" 



shi ft register. To ^^^IS^ 
the pseudorandom ^ processing routine 

tne encryption security. *e » ^ ^ a rou . 
segregates the keystre aj . ^-cco segregated 
t in e (36) wherein the beg™0 ^ ^ beginning 
portion is provided at a time ind icat.on 
P of the the keystream 

(Y); segregates (38) every rtion fo r a 

{ro m said b^'* in response to a 

selected number of seg egated b ^ 
frequency indication (n) ^ P r ° (18) s aid shift 
processed data by first ^ process, g K ^ ^ 
register contents and said key signa ^ ^ 

ina (22) data produced by said«s w Qn 
"esponse to a rotation rotation 

indication, the ^^ ^o^* f0f eaCh « 
indication - ^^^fSerent for each of the 

the cycles and may 
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